Eric M Russell (10/31/2014)
Yes they are, or are browsing as part of their job. Like when I go into a Best Buy and tell them I can buy product X on Amazon for $100 cheaper, they will browse to the Amazon site to verify. And I am sure that with that capability, they are using it for other things.
A POS terminal with open USB port, internet connectivity, or unencrypted wifi is just plain stupid. I'd expect to that at a small owner operated shop (where I prefer to use cash), but not at a national retailer.
There are a lot of things that are stupid here. Major corporations get hacked because of stupid decisions and they have to "disclose it to the public" and move on with their lives. Small companies get hacked and there's no announcement and they move on with their lives. Many stupid decisions at companies are made and there aren't any repercussions except bad press, which seems to be so plentiful now that nobody cares any more. Home Depot's "We sell hammers" quote in response to implementing security comes to mind.
The terms and conditions, terms of service, implied consent and notice of privacy practices that allows selling/sharing person data only serve to make the whole situation worse and more in the hands of the lawyers than anyone else. Don't get me started on the international impunity that so many companies operate under.
Until people are held accountable for their decisions and people grow a brain to actually address security for real, we're all subject to the same meaningless, legalized corporate apology that's getting more and more common.
Sorry, but this touched a raw nerve with me. I'll stop the rant and get off my soap box.